Actually, you should just look at a product called ReefEdge
(www.reefedge.com). This device handles all user authentication, allows
you to roam between subnets while keeping the same IP address and it
will also differentiate guest users from employees - thus allowing
guests to only access the internet from let's say the conference room,
and the internal users can access all the network resources that you
want them to.

The ReefEdge device uses 168-bit 3DES encryption, works with ANY access
point and ANY wireless card, and authenticates off of your NT/2k/Netware
domain.

I have no relation to ReefEdge. I just think their product is way cool
because it does what everyone seems to wish a Wireless Network could do.

Regards,

Joel

-----Original Message-----
From: tcwug-list-admin at tcwug.org [mailto:tcwug-list-admin at tcwug.org] On Behalf Of Nate Carlson
Sent: Wednesday, August 21, 2002 1:51 PM
To: tcwug-list at tcwug.org
Subject: Re: [TCWUG] Wireless setup in a small/midsize office

On Wed, 21 Aug 2002, Jon Kotek wrote:
> At this point there are 6 runs of Cat5 already done, and they have a
> 512K DSL line installed going into a smoothwall firewall server.  My
> only connection with them so far is the fact that I know the
> smoothwall part.  I would like to do some sort of web based
> authentication I think going to a radius server.

So you actually want people to be able to walk through the building with
their laptops and stuff, then? I was thinking of doing wireless as a
replacement for wired, where you just set up a wireless->wired bridge at
each suite who buys internet access, and let them do whatever they want
with the ethernet port.

If you're going to force non-roaming users to authenticate via a web
browser every time they want to hit the 'net, they may not be too
happy. Also, 11mb won't seem like very much if you're having everyone
use it for their LAN along with 'net access.

>  I am going to push the cisco gear since it can run as a repeater if I
> need to, otherwise if the runs of cat5 are fairly spread out I would
> be able to run a cheaper solution (WAP11) and go with MAC filtering
> with WEP.  Now my other question is in using say a WAP11 AP would that
> work with roaming (I am assuming that they want to promote access from
> all conference rooms)  and still using MAC filtering??  Would I need
> to update all AP's (I am doing a WAG of 4 or 5 per floor) that could
> turn into an admin headache.  Otherwise throw out the MAC filtering
> and just stick with WEP and radius.  I know they would like to have
> some sort of accounting of usage, which

I'd still vote on IPSec to a VPN concentrator. That way, you can set up
whatever kind of account you want right on the concentrator. Plus,
you're actually going to be reasonably secure, which plain WEP+Mac
Filtering isn't (yet).

As far as roaming, as long as they are all hooked up to the same
physical network, you should be fine. If you've got a separate subnet
for each AP, it's quite a bit more difficult (need mobile ip or
somethin).

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (952)943-8700
http://www.real-time.com                | Fax   : (952)943-8500


_______________________________________________
Twin Cities Wireless Users Group Mailing List - Minneapolis/St. Paul,
Minnesota
http://www.tcwug.org
tcwug-list at tcwug.org
https://mailman.real-time.com/mailman/listinfo/tcwug-list